Hi,
in short:
using SSL you have two parts of encryption:
first a public/secret key system (asymmetric cryptographie) is used to
establish a connection and to agree for a common secret key.
When both parties have agreed to that common secret key (which is, in
short, encrypted with the public keys (very short, this is) ) the common
secret key is used for the encrypting of the exchanged data.
So, for agreement for a common secret key, asymmetric cryptographie is
used.
To be sure you use the true public key of your partie (so nobody elses
key, maybe that of an man-in-the-middle) you get a certificate.
Why a certificate?
Because chances are high that you do not know all keys of all
people/server you want to correspond with. So you get a certificate which
is signed by a CA (certificate authority) that you know and that you can
trust.
More to find in literature.
Hops this helps
Doris
On Tue, 13 Jun 2000, Pamu Radhakrishna wrote:
> hi,
> You know that OpenSSL supports DES for encryption of
> data.So if you want to establish a communication link
> between client & server then you must use a secret
> key.
>
> Now my question is,What the certificate contains?
> I mean what public keys it contains & for what purpose
> they can be used?
>
> Could anybody tell me,before encryption of actual data
>
> using secret key, what are the necessary steps that
> could be performed to share the secret key?
>
> ThanX
> --Radha
>
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Photos -- now, 100 FREE prints!
> http://photos.yahoo.com
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
